Nov 27th, 2012, 09:07 AM
getting the "redirect_uri" within the login page
In my implementation of OAuth, I have a login page that lets a non-registered user to create an account.
After a user successfully creates an account, I send him a verification email, which supposed to both activate his account as well as redirect him to the page he initially wanted to get to. In oAuth, when a user tries to get to a protected resource, he is redirected to the oAuth mechanism, and one of the params is the "redirect-uri", so after authenticating the oAuth-server knows where to send the client to. Unfortunately, I did not find the way to get the "redirect-uri" within the login page, so I cannot pass it as a param to the "create account" flow. (Meaning, once I left the login page, I do not know the "redirect-uri").
Is there a way to get the redirect-uri?
Note: It might be a question that is related not specifically to oAuth, so I've posted it in spring Security Forum as well...
Last edited by OhadR; Nov 27th, 2012 at 09:59 AM.
Nov 27th, 2012, 10:52 AM
You are right, I think, in that it is not an OAuth concern - why would the initial request be an OAuth redirect, necessarily? Spring Security stores the initial request in a login flow in the session, and you can get it from there if you know where to find it (the other forum probably will help).
Tags for this Thread